Excluding File Paths · anchore/syft Wiki · GitHub
Skip to content

Excluding File Paths

Alan Pope edited this page May 17, 2024 · 1 revision

Excluding file paths

Syft can exclude files and paths from being scanned within a source by using glob expressions with one or more --exclude parameters:

syft <source> --exclude './out/**/*.json' --exclude /etc

Note: in the case of image scanning, since the entire filesystem is scanned it is possible to use absolute paths like /etc or /usr/**/*.txt whereas directory scans exclude files relative to the specified directory. For example: scanning /usr/foo with --exclude ./package.json would exclude /usr/foo/package.json and --exclude '**/package.json' would exclude all package.json files under /usr/foo. For directory scans, it is required to begin path expressions with ./, */, or **/, all of which will be resolved relative to the specified scan directory. Keep in mind, your shell may attempt to expand wildcards, so put those parameters in single quotes, like: '**/*.json'.

Clone this wiki locally